<html>
    <head>
      <base href="https://bugs.freedesktop.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Android: NULL pointer dereference with i965 mesa-dev, seems build_id_length related"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=104642">104642</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Android: NULL pointer dereference with i965 mesa-dev, seems build_id_length related
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>Mesa
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>git
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>x86-64 (AMD64)
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>other
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>blocker
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>medium
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Drivers/DRI/i965
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>intel-3d-bugs@lists.freedesktop.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>issor.oruam@gmail.com
          </td>
        </tr>

        <tr>
          <th>QA Contact</th>
          <td>intel-3d-bugs@lists.freedesktop.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=136731" name="attach_136731" title="logcat with chrome app crash">attachment 136731</a> <a href="attachment.cgi?id=136731&action=edit" title="logcat with chrome app crash">[details]</a></span>
logcat with chrome app crash

Hi,

While testing an Android 8.1 build with the latest mesa 17.4.0devel and libdrm 2.4.89,

a SIGSEGV MAPERR due to a NULL pointer dereference happens with the Chrome (and Firefox
browser) apps; here is the logcat extract for Chrome


--------- beginning of crash
... F libc    : Fatal signal 11 (SIGSEGV), code 1, fault addr 0x4 in tid 4851
(RenderThread), pid 4503 (.android.chrome)
... I crash_dump32: obtaining output fd from tombstoned, type:
kDebuggerdTombstone
... I /system/bin/tombstoned: received crash request for pid 4503
... I crash_dump32: performing dump of process 4503 (target tid = 4851)
... F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
... F DEBUG   : Build fingerprint:
'Android-x86/android_x86_64/x86_64:8.1.0/OPM1.171019.011/utente12162000:eng/test-keys'
... F DEBUG   : Revision: '0'
... F DEBUG   : ABI: 'x86'
... F DEBUG   : pid: 4503, tid: 4851, name: RenderThread  >>>
com.android.chrome <<<
... F DEBUG   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x4
... F DEBUG   : Cause: null pointer dereference
... F DEBUG   :     eax 00000000  ebx cca69cf4  ecx 00000009  edx bfbff004
... F DEBUG   :     esi 00000000  edi 00000010
... F DEBUG   :     xcs 00000023  xds 0000002b  xes 0000002b  xfs 0000006b  xss
0000002b
... F DEBUG   :     eip cc78d089  ebp bfbfefb8  esp bfbfefb8  flags 00010286
... F DEBUG   : 
... F DEBUG   : backtrace:
... F DEBUG   :     #00 pc 00651089  /system/vendor/lib/dri/i965_dri.so
(build_id_length+9)
... F DEBUG   :     #01 pc 00041ae2  /system/vendor/lib/dri/i965_dri.so
(brw_program_binary_init+130)
... F DEBUG   :     #02 pc 0002dd50  /system/vendor/lib/dri/i965_dri.so
(brwCreateContext+864)
... F DEBUG   :     #03 pc 003d7777  /system/vendor/lib/dri/i965_dri.so
(driCreateContextAttribs+663)
... F DEBUG   :     #04 pc 000112a1 
/android/system/vendor/lib/egl/libGLES_mesa.so
... F DEBUG   :     #05 pc 00004096 
/android/system/vendor/lib/egl/libGLES_mesa.so
... F DEBUG   :     #06 pc 0000ef37  /android/system/lib/libEGL.so


Analysing the backtrace with addr2line, the NULL pointer is returned at
src/util/build_id.c:117

utente@utente-Terabyte:~/oreo-x86_kernel_test$ addr2line -Cfe
out/target/product/x86_64/symbols/system/vendor/lib/dri/i965_dri.so
00651089
build_id_length
external/mesa/src/util/build_id.c:117  <= here it is
00041ae2
brw_program_binary_init
external/mesa/src/mesa/drivers/dri/i965/brw_program_binary.c:53
0002dd50
brw_init_driver_functions
external/mesa/src/mesa/drivers/dri/i965/brw_context.c:334
003d7777
driCreateContextAttribs
external/mesa/src/mesa/drivers/dri/common/dri_util.c:479


utente@utente-Terabyte:~/oreo-x86_kernel_test$ addr2line -Cfe
out/target/product/x86_64/symbols/system/vendor/lib/egl/libGLES_mesa.so
000112a1
dri2_create_context
external/mesa/src/egl/drivers/dri2/egl_dri2.c:1332
00004096
eglCreateContext
external/mesa/src/egl/main/eglapi.c:767


utente@utente-Terabyte:~/oreo-x86_kernel_test$ addr2line -Cfe
out/target/product/x86_64/symbols/system/lib/libEGL.so
0000ef37
eglCreateContext
frameworks/native/opengl/libs/EGL/eglApi.cpp:896


Recent changes in src/util/build_id.c may have removed some Android-required
code, or i965 needs to take into account the NULL case.

Thanks for feedback
Mauro</pre>
        </div>
      </p>
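<p>The backtrace shows <code>build_id_length</code> faulting at address 0x4, i.e. reading a field four bytes into a NULL note pointer. In an ELF note header (<code>Elf32_Nhdr</code>/<code>Elf64_Nhdr</code>) the <code>n_descsz</code> field, which holds the build-id length, sits at exactly offset 4, so the crash is consistent with the lookup returning NULL (no NT_GNU_BUILD_ID note in the loaded object) and the caller passing that NULL on unchecked. The example below is added here as an illustration and is not Mesa's code: it walks a constructed PT_NOTE segment the way a build-id lookup would, returns NULL when no build-id note exists, and shows a caller that handles that case instead of dereferencing it. The function names, the <code>driver_binary_init</code> caller and the note bytes are assumptions made for the example; a little-endian host (as on x86 Android) is assumed for the header fields.</p>

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ELF note header: Elf32_Nhdr and Elf64_Nhdr share this 12-byte layout.
   n_descsz is at offset 4, which is where a NULL note pointer faults. */
struct build_id_note {
    uint32_t n_namesz;  /* length of the owner name, including its NUL */
    uint32_t n_descsz;  /* length of the build-id bytes (20 for SHA-1) */
    uint32_t n_type;    /* NT_GNU_BUILD_ID == 3 */
};

#define NT_GNU_BUILD_ID 3
#define ALIGN4(x) (((x) + 3u) & ~3u)

/* Walk a PT_NOTE segment and return the GNU build-id note, or NULL when the
   object carries none (e.g. linked without --build-id). The NULL return is
   the case the caller must handle. */
static const struct build_id_note *
find_build_id_note(const uint8_t *notes, size_t len)
{
    size_t off = 0;
    while (off + sizeof(struct build_id_note) <= len) {
        const struct build_id_note *n = (const void *)(notes + off);
        size_t name_off = off + sizeof(*n);
        size_t desc_off = name_off + ALIGN4(n->n_namesz);
        size_t next = desc_off + ALIGN4(n->n_descsz);
        if (next > len)
            return NULL;            /* truncated or malformed segment */
        if (n->n_type == NT_GNU_BUILD_ID && n->n_namesz == 4 &&
            memcmp(notes + name_off, "GNU", 4) == 0)
            return n;
        off = next;
    }
    return NULL;
}

/* Accessor in the shape the backtrace suggests: it dereferences the note
   unconditionally, so it must never be handed NULL. */
static unsigned build_id_length(const struct build_id_note *note)
{
    return note->n_descsz;          /* offset 4: matches fault addr 0x4 */
}

static const uint8_t *build_id_data(const struct build_id_note *note)
{
    return (const uint8_t *)(note + 1) + ALIGN4(note->n_namesz);
}

/* Hypothetical caller mirroring the brw_program_binary_init pattern, but
   with the NULL check. Returns the number of build-id bytes copied into out,
   or 0 when no usable build-id exists (caller then skips binary caching). */
static unsigned
driver_binary_init(const uint8_t *notes, size_t len, uint8_t out[20])
{
    const struct build_id_note *note = find_build_id_note(notes, len);
    if (note == NULL)               /* without this check: SIGSEGV at 0x4 */
        return 0;
    unsigned n = build_id_length(note);
    if (n != 20)                    /* only SHA-1 sized ids are accepted */
        return 0;
    memcpy(out, build_id_data(note), 20);
    return 20;
}

/* Constructed PT_NOTE contents (example data, not from any real binary):
   an NT_GNU_ABI_TAG note followed by a build-id note, as a linker emits. */
static _Alignas(4) const uint8_t NOTES_WITH_ID[] = {
    /* NT_GNU_ABI_TAG: namesz=4, descsz=16, type=1, "GNU\0", 16-byte desc */
    4,0,0,0, 16,0,0,0, 1,0,0,0, 'G','N','U',0,
    0,0,0,0, 3,0,0,0, 2,0,0,0, 0,0,0,0,
    /* NT_GNU_BUILD_ID: namesz=4, descsz=20, type=3, "GNU\0", 20-byte id */
    4,0,0,0, 20,0,0,0, 3,0,0,0, 'G','N','U',0,
    0xde,0xad,0xbe,0xef, 0x01,0x02,0x03,0x04, 0x05,0x06,0x07,0x08,
    0x09,0x0a,0x0b,0x0c, 0x0d,0x0e,0x0f,0x10,
};
/* Same segment with the build-id note absent: the path that crashed. */
static _Alignas(4) const uint8_t NOTES_WITHOUT_ID[] = {
    4,0,0,0, 16,0,0,0, 1,0,0,0, 'G','N','U',0,
    0,0,0,0, 3,0,0,0, 2,0,0,0, 0,0,0,0,
};

int main(void)
{
    uint8_t id[20];
    unsigned n = driver_binary_init(NOTES_WITH_ID, sizeof NOTES_WITH_ID, id);
    printf("with note:    %u build-id bytes, first byte 0x%02x\n", n, id[0]);
    n = driver_binary_init(NOTES_WITHOUT_ID, sizeof NOTES_WITHOUT_ID, id);
    printf("without note: %u build-id bytes, no crash\n", n);
    return 0;
}
```

<p>The point of the check is that the lookup legitimately returns NULL on some platforms (an object built without a build-id note, or a loader that does not expose the note segment), so the caller, not the accessor, is the place to decide what "no build-id" means; here it disables the feature instead of taking the driver down with the app.</p>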


    </body>
</html>